CVE-2020-35533

Name
CVE-2020-35533
Description
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb
MISC https://github.com/LibRaw/LibRaw/issues/273

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:* libraw == None == 0.20.1
cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:* libraw == None == 0.21.0
cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:* libraw == None == 0.20.2
cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:* libraw == None == 0.20.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libraw 3.16-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libraw 3.17-community 0.20.2-r2 Natanael Copa <ncopa@alpinelinux.org> fixed